Total
12594 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2022-22104 | 1 Qualcomm | 38 Apq8096au, Apq8096au Firmware, Msm8996au and 35 more | 2024-08-03 | 8.4 High |
Memory corruption in multimedia due to improper check on the messages received. in Snapdragon Auto | ||||
CVE-2022-22098 | 1 Qualcomm | 2 Apq8096au, Apq8096au Firmware | 2024-08-03 | 8.4 High |
Memory corruption in multimedia driver due to untrusted pointer dereference while reading data from socket in Snapdragon Auto | ||||
CVE-2022-21852 | 1 Microsoft | 12 Windows 10, Windows 10 1809, Windows 10 1909 and 9 more | 2024-08-03 | 7.8 High |
Windows DWM Core Library Elevation of Privilege Vulnerability | ||||
CVE-2022-21237 | 1 Intel | 118 Lapbc510, Lapbc510 Firmware, Lapbc710 and 115 more | 2024-08-03 | 6.7 Medium |
Improper buffer access in firmware for some Intel(R) NUCs may allow a privileged user to potentially enable escalation of privilege via local access. | ||||
CVE-2022-21160 | 1 Intel | 18 Proset Wi-fi 6e Ax210, Proset Wi-fi 6e Ax210 Firmware, Wi-fi 6 Ax200 and 15 more | 2024-08-03 | 7.5 High |
Improper buffer restrictions for some Intel(R) PROSet/Wireless WiFi products may allow an unauthenticated user to potentially enable denial of service via network access. | ||||
CVE-2022-20947 | 1 Cisco | 2 Adaptive Security Appliance Software, Firepower Threat Defense | 2024-08-03 | 8.6 High |
A vulnerability in dynamic access policies (DAP) functionality of Cisco Adaptive Security Appliance (ASA) Software and Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause an affected device to reload, resulting in a denial of service (DoS) condition. This vulnerability is due to improper processing of HostScan data received from the Posture (HostScan) module. An attacker could exploit this vulnerability by sending crafted HostScan data to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU ["https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asa-ftd-dap-dos-GhYZBxDU"] This advisory is part of the November 2022 release of the Cisco ASA, FTD, and FMC Security Advisory Bundled publication. | ||||
CVE-2022-4603 | 1 Samba | 1 Ppp | 2024-08-03 | 4.3 Medium |
A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads to improper validation of array index. The real existence of this vulnerability is still doubted at the moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked automatically in any scenario. | ||||
CVE-2022-20236 | 1 Google | 1 Android | 2024-08-03 | 7.5 High |
A drm driver have oob problem, could cause the system crash or EOPProduct: AndroidVersions: Android SoCAndroid ID: A-233124709 | ||||
CVE-2022-20238 | 1 Google | 1 Android | 2024-08-03 | 9.8 Critical |
'remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel area to be writable, which is easy to be exploitedProduct: AndroidVersions: Android SoCAndroid ID: A-233154555 | ||||
CVE-2022-4900 | 2 Php, Redhat | 5 Php, Enterprise Linux, Linux and 2 more | 2024-08-03 | 6.2 Medium |
A vulnerability was found in PHP where setting the environment variable PHP_CLI_SERVER_WORKERS to a large value leads to a heap buffer overflow. | ||||
CVE-2022-4904 | 3 C-ares Project, Fedoraproject, Redhat | 6 C-ares, Fedora, Enterprise Linux and 3 more | 2024-08-03 | 8.6 High |
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. | ||||
CVE-2022-4639 | 1 Sslh Project | 1 Sslh | 2024-08-03 | 5.6 Medium |
A vulnerability, which was classified as critical, has been found in sslh. This issue affects the function hexdump of the file probe.c of the component Packet Dumping Handler. The manipulation of the argument msg_info leads to format string. The attack may be initiated remotely. The name of the patch is b19f8a6046b080e4c2e28354a58556bb26040c6f. It is recommended to apply a patch to fix this issue. The identifier VDB-216497 was assigned to this vulnerability. | ||||
CVE-2022-4291 | 1 Avast | 1 Script Shield | 2024-08-03 | 7.7 High |
The aswjsflt.dll library from Avast Antivirus windows contained a potentially exploitable heap corruption vulnerability that could enable an attacker to bypass the sandbox of the application it was loaded into, if applicable. This issue was fixed in version 18.0.1478 of the Script Shield Component. | ||||
CVE-2022-4203 | 2 Openssl, Redhat | 3 Openssl, Enterprise Linux, Rhel Eus | 2024-08-03 | 4.9 Medium |
A read buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed the malicious certificate or for the application to continue certificate verification despite failure to construct a path to a trusted issuer. The read buffer overrun might result in a crash which could lead to a denial of service attack. In theory it could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext) although we are not aware of any working exploit leading to memory contents disclosure as of the time of release of this advisory. In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. | ||||
CVE-2022-4046 | 1 Codesys | 14 Control For Beaglebone Sl, Control For Empc-a\/imx6 Sl, Control For Iot2000 Sl and 11 more | 2024-08-03 | 8.8 High |
In CODESYS Control in multiple versions a improper restriction of operations within the bounds of a memory buffer allow an remote attacker with user privileges to gain full access of the device. | ||||
CVE-2022-3965 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-03 | 4.3 Medium |
A vulnerability classified as problematic was found in ffmpeg. This vulnerability affects the function smc_encode_stream of the file libavcodec/smcenc.c of the component QuickTime Graphics Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. The attack can be initiated remotely. The name of the patch is 13c13109759090b7f7182480d075e13b36ed8edd. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-213544. | ||||
CVE-2022-3974 | 1 Axiosys | 1 Bento4 | 2024-08-03 | 6.3 Medium |
A vulnerability classified as critical was found in Axiomatic Bento4. Affected by this vulnerability is the function AP4_StdcFileByteStream::ReadPartial of the file Ap4StdCFileByteStream.cpp of the component mp4info. The manipulation leads to heap-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-213553 was assigned to this vulnerability. | ||||
CVE-2022-3964 | 1 Ffmpeg | 1 Ffmpeg | 2024-08-03 | 4.3 Medium |
A vulnerability classified as problematic has been found in ffmpeg. This affects an unknown part of the file libavcodec/rpzaenc.c of the component QuickTime RPZA Video Encoder. The manipulation of the argument y_size leads to out-of-bounds read. It is possible to initiate the attack remotely. The name of the patch is 92f9b28ed84a77138105475beba16c146bdaf984. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-213543. | ||||
CVE-2022-3786 | 4 Fedoraproject, Nodejs, Openssl and 1 more | 4 Fedora, Node.js, Openssl and 1 more | 2024-08-03 | 7.5 High |
A buffer overrun can be triggered in X.509 certificate verification, specifically in name constraint checking. Note that this occurs after certificate chain signature verification and requires either a CA to have signed a malicious certificate or for an application to continue certificate verification despite failure to construct a path to a trusted issuer. An attacker can craft a malicious email address in a certificate to overflow an arbitrary number of bytes containing the `.' character (decimal 46) on the stack. This buffer overflow could result in a crash (causing a denial of service). In a TLS client, this can be triggered by connecting to a malicious server. In a TLS server, this can be triggered if the server requests client authentication and a malicious client connects. | ||||
CVE-2022-3785 | 1 Axiosys | 1 Bento4 | 2024-08-03 | 6.3 Medium |
A vulnerability, which was classified as critical, has been found in Axiomatic Bento4. Affected by this issue is the function AP4_DataBuffer::SetDataSize of the component Avcinfo. The manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-212564. |